Improve CSP and security headers (closes #74)

video-prize-ranch
2022-11-18 12:08:18 -05:00
parent 10289cde51
commit 5c2962d34d
5 changed files with 6 additions and 6 deletions


@@ -45,7 +45,7 @@ func HandlePost(c *fiber.Ctx) error {
}
nonce := ""
csp := "default-src 'none'; media-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content; style-src 'self'"
csp := "default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; media-src 'self'; img-src 'self'; manifest-src 'self'; block-all-mixed-content; style-src 'self'"
if len(post.Tags) != 0 {
b := make([]byte, 8)
rand.Read(b)
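Review bot: The new `csp :=` literal no longer carries `font-src 'self'`, so font loads now fall back to `default-src 'none'` and are blocked; the commit title mentions only improvements, so it is worth confirming that no stylesheet or template served by this handler still references a self-hosted font. If the removal is deliberate, a comment above the literal would record it, e.g. `// frame-ancestors, base-uri and form-action do not inherit from default-src, so they are set explicitly; fonts are intentionally not allowed`. The diffstat (5 files, 6 additions and 6 deletions) suggests the same policy string is edited by hand in several handlers, so a single shared constant or helper would keep the policies from drifting apart. HandlePost starts before this hunk and its body continues past it.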